Related Product: Remote Access
Related Version: Since version 9.0
The HTML5 VPN Portal feature provides access from external networks to internal resources via pre-configured connection types.
Known to apply to the following Sophos product(s) and version(s)
Sophos UTM v9
What is the HTML5 VPN Portal?
Besides the Site-to-Site VPN, where you connect to networks in different locations, you have the option to set up a Host-to-Host VPN by configuring a Remote Access VPN via the HTML5 Portal. With this kind of portal you allow specific users (maximum 100 users) to connect to a host.
Users connect through the HTML5 VPN Portal, which is provided by the User Portal (https://<IP/hostname of the UTM>/portal) on the UTM.
What To Do
Where to configure: WebAdmin
To set up remote access using the HTML5 VPN Portal, you need the following components:
- A remote access connection configured on the UTM
- A user on the destination Host
- A running user portal on the UTM
- One of the following browsers on the local client: Internet Explorer v10 or higher, Firefox v6 or higher, Chrome
Configure the remote access connection on the UTM
Related section: Remote Access | HTML5 VPN Portal | Global
- Click on 'New HTML5 VPN Portal connection'.
- Enter a name for your new connection.
- Choose one of the following 'Connection types':
'Remote Desktop': Remote access using the Remote Desktop Protocol, e.g., to open a remote desktop session to a Windows host.
'Webapp (HTTP)': Browser-based access to web applications via HTTP.
'Webapp (HTTPS)': Browser-based access to web applications via HTTPS.
'Telnet': Terminal access using the Telnet protocol, e.g., to give access to a switch or a printer.
'SSH': Terminal access using SSH.
'VNC': Remote access using Virtual Network Computing (VNC), e.g., to open a remote desktop of a Linux/Unix host.
- Add the 'Destination' host as the system you want to be reachable via the VPN.
You can choose an existing host or create a new one by clicking on the green plus icon.
- You can enable 'Automatic login' and add the username and password for the auto-login on the remote host if you don't want the user to log in manually.
- Add the user who requires access.
- (If you use 'HTTPS' as connection type): Add the SSL host security certificate to identify the destination host.
- (If you use 'SSH' as connection type): Add the public key of the SSH host.
- Optionally in the 'Advanced' area you can enter a port number for the connection.
- Optionally (only with connection type 'Remote Desktop') you can select the security protocol for the remote desktop session.
Your settings have to match the server settings. 'NLA' requires 'Automatic login' above to be enabled.
- Optionally select 'Share session' to allow users to use the connection simultaneously.
- Optionally (only with connection types 'Webapp (HTTP/S)') use 'Allow external resources' to enter resources that are allowed to be accessed via this connection.
This is useful if for example images are stored on a different server than the webpage itself.
- Click on 'Save' to apply the changes.
- Enable the session by clicking the enable button beside the name of the VPN.
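For the 'SSH' connection type above, the host public key added to the connection is what identifies the destination host, so it is worth comparing its fingerprint with one read on the host itself before saving. The following is an added example, not part of the original article or of Sophos's own tooling; it assumes the key is available as a standard OpenSSH public-key line, and the sample key and function names are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_openssh_pubkey(line):
    """Split '<type> <base64> [comment]' and check the blob is self-consistent."""
    fields = line.strip().split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob begins with a length-prefixed copy of the key type.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match blob (edited or truncated paste?)")
    return key_type, blob


def sha256_fingerprint(line):
    """Fingerprint in the 'SHA256:...' form that ssh-keygen -l prints."""
    _, blob = parse_openssh_pubkey(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def matches_trusted(line, trusted_fingerprint):
    """True only if the pasted key has the fingerprint verified out of band."""
    return sha256_fingerprint(line) == trusted_fingerprint.strip()


def make_sample_key(seed, comment="root@destination"):
    """Constructed ed25519-shaped key for the demo; not a real host key."""
    name = b"ssh-ed25519"
    raw = bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    # 'trusted' stands for the fingerprint read on the destination host's console.
    trusted = sha256_fingerprint(make_sample_key(1))
    for label, key in (("expected host", make_sample_key(1)),
                       ("different host", make_sample_key(2))):
        verdict = "OK to add" if matches_trusted(key, trusted) else "MISMATCH, do not add"
        print(label, sha256_fingerprint(key), verdict)
```

The comment field of the key line does not affect the fingerprint, so a key copied with a different trailing comment still compares equal.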
Configure the User Portal
For configuring the user portal refer to: http://community.sophos.com/kb/en-US/115157
Now the configured user can access the User Portal and, on the 'HTML5 VPN portal' tab, should be able to connect to the remote host.